Mozilla Foundation Security Advisory 2005-19
Autocomplete data leak
- February 24, 2005
- Matt Brubeck
- Fixed in
- Firefox 1.0.1
As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.
Turn off the Form Fill feature.